Author Topic: Threat has been detected! Webshield! Avast cant find it though? [SOLVED] (Read 7215 times)

REDACTED · « **on:** August 02, 2014, 07:39:30 AM »

I have had this malware/adware on my computer for a little while now and today i decided to do something about it.
I got malwarebytes, did the scan and removed all the threats it detected. Went onto my browser and the adware was still there...

Then i got avast and i found a few things. I removed them but every time i open up my browser i get the message 'THREAT HAS BEEN DETECTED! Webshield has blocked a harmful webpage or file from opening" Even when my homepage is just the default Google chrome webpage.
They are still sitting in my extensions and comeback when i delete them. The names of the ones i know are
SauveMoauss
PriCeChop
NextCoup
DigiCoupon
Literally no clue how they got here, i'm pretty good about making sure i don't get viruses or malware (4 years, no viruses)
Can someone please help me with this? Its getting irratating hearing it bugging me every time I open chrome or even 5 minutes after being on youtube...

Asyn · « **Reply #1 on:** August 02, 2014, 07:40:38 AM »

Attach your basic logs. (MBAM, FRST and aswMBR..!!)
Instructions: https://forum.avast.com/index.php?topic=53253.0

REDACTED · « **Reply #2 on:** August 02, 2014, 09:15:30 AM »

Here you go...

Asyn · « **Reply #3 on:** August 02, 2014, 09:21:59 AM »

Good job, now you've to wait a bit...

essexboy · « **Reply #4 on:** August 02, 2014, 12:08:43 PM »

Let me know if this stops it

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:

Quote

SearchScopes: HKCU - {133E9933-C523-45D8-8FC5-0F3962754F6B} URL =
CHR Extension: (NextCoup) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapjfpcfigkkogboaaeohaaeohdejhig [2014-08-01]
CHR Extension: (PriCeChop) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgckdgeimdlagkajfknmnlfeelcahign [2014-07-22]
CHR Extension: (SauveMoauss) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglepfopdlhbcjmgfnflgcplkhbkfico [2014-07-22]
CHR Extension: (NextCoup) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogbmgkaimaddjilchahlcpjijbmnggao [2014-08-01]
CHR Extension: (NextCoup) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapjfpcfigkkogboaaeohaaeohdejhig\1.0 [2014-08-01]
CHR Extension: (PriCeChop) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\cgckdgeimdlagkajfknmnlfeelcahign\1.0 [2014-07-22]
CHR Extension: (SauveMoauss) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dglepfopdlhbcjmgfnflgcplkhbkfico\1.0 [2014-07-22]
CHR Extension: (NextCoup) - C:\Users\Lukas\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogbmgkaimaddjilchahlcpjijbmnggao\1.0 [2014-08-01]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
CHR HKCU\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
2014-07-22 22:12 - 2014-07-22 22:12 - 00000000 ____D () C:\Users\Lukas\AppData\Local\Comodo
2014-07-22 22:12 - 2014-07-22 22:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Google
2014-07-22 22:12 - 2014-07-22 22:12 - 00000000 ____D () C:\Users\Guest\AppData\Local\Comodo
2014-07-22 22:12 - 2014-07-22 22:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-07-22 22:12 - 2014-07-22 22:12 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-08-01 11:16 - 2014-07-22 22:12 - 00000000 ____D () C:\ProgramData\865c8cb6fb453759
C:\Users\Lukas\worldpainter_64_1.8.5.exe
C:\Users\Lukas\worldpainter_64_1.9.1.exe
CMD: bitsadmin /reset /allusers
CMD: DEL %TEMP%\*.* /F /S /Q
CMD: RD /S /Q %TEMP%
REBOOT:

Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click on Scan.
After the scan is complete click on "Clean"
Confirm each time with Ok.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile with your next answer.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

REDACTED · « **Reply #5 on:** August 02, 2014, 11:21:14 PM »

looks like it worked

Thanks so much.
The file is to large but it isnt coming on my extensions neither is avast finding it

Pondus · « **Reply #6 on:** August 02, 2014, 11:37:14 PM »

Not done yet ..... attach laste requested logs

Author Topic: Threat has been detected! Webshield! Avast cant find it though? [SOLVED] (Read 7215 times)

REDACTED

Threat has been detected! Webshield! Avast cant find it though? [SOLVED]

Asyn

Re: Threat has been detected! Webshield! Avast cant find it though?

REDACTED

Re: Threat has been detected! Webshield! Avast cant find it though?

Asyn

Re: Threat has been detected! Webshield! Avast cant find it though?

essexboy

Re: Threat has been detected! Webshield! Avast cant find it though?

REDACTED

Re: Threat has been detected! Webshield! Avast cant find it though?

Pondus

Re: Threat has been detected! Webshield! Avast cant find it though? [SOLVED]